Rockwell Automation Patches Wireless Access Point against Krack

Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure.

Most major vendors have similarly patched their products, some prior to the Oct. 16 announcement of the vulnerability in the WPA2 wireless protocol.

Rockwell said that its Stratix 5100 Wireless Access Point/Workgroup Bridge, version 15.3(3)JC1 and earlier, is affected, and that managers should ensure the AP is updated as well as the clients connecting to it.

“Rockwell Automation recommends that all users patch the clients that connect to the Stratix 5100 WAP/WGB, and recommends contacting your supplier to get the most updated patch that is compatible with your client devices,” said an advisory released by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). “However, patching the client only protects the connection formed by that specific client. In order to protect all future clients that may be added to your system, Rockwell Automation recommends patching the Stratix 5100 WAP/WGB when the firmware is available.”

An attacker in a man-in-the-middle position on a local network can exploit this vulnerability to decrypt traffic or inject malicious code.

Rockwell Automation markets the Stratix 5100 for use in autonomous networks or within a Cisco Unified network, providing connectivity in difficult-to-reach remote areas.

The KRACK vulnerability was disclosed by Mathy Vanhoef of KU Leuven in Belgium. Vanhoef privately disclosed to a number of critical vendors starting in July, and went public in a coordinated disclosure Oct. 16. The weakness is in the WPA2 standard used to secure modern Wi-Fi networks and affects even correct implementations of the protocol, he said.

The attack targets the four-way handshake carried out when clients join WPA2 networks. It is here that pre-shared network passwords are exchanged, authenticating the client and access point, and where a fresh encryption key is negotiated to secure subsequent traffic. The key reinstallation attack takes place at this step: an attacker on the network is able to intercede and replay cryptographic handshake messages, bypassing the requirement that keys be used only once.

The weakness occurs when messages during the handshake are lost or dropped—a fairly common occurrence—and the access point retransmits the third part of the handshake, theoretically multiple times.

“Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake,” Vanhoef wrote. “By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique can also be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake.”
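A minimal model of the nonce reset described above, added here as an illustration and not taken from Vanhoef's paper or any vendor's code. The `Supplicant` class, the SHA-256-based keystream (a stand-in for the real WPA2 cipher) and the sample key and frames are constructed assumptions; it contrasts a client that reinstalls the key on a retransmitted message 3 with one that ignores the reinstall.

```python
import hashlib

P1, P2 = b"first frame data", b"second frame ..."  # constructed sample frames

def keystream(key, nonce, n):
    """Toy per-packet keystream from (key, nonce); stand-in for the WPA2 cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Hypothetical client model: key install and transmit packet number only."""
    def __init__(self, patched):
        self.patched, self.key, self.tx_nonce = patched, None, 0
        self.used = set()  # (key, nonce) pairs already used to encrypt

    def on_message3(self, key):
        # Hardened behaviour: a retransmitted message 3 carrying the key already
        # in use does not reinstall it, so the packet number is not reset.
        if self.patched and key == self.key:
            return
        self.key, self.tx_nonce = key, 0

    def send(self, plaintext):
        self.tx_nonce += 1
        pair = (self.key, self.tx_nonce)
        reused = pair in self.used
        self.used.add(pair)
        ks = keystream(self.key, self.tx_nonce, len(plaintext))
        return self.tx_nonce, xor(plaintext, ks), reused

def run(patched):
    key = b"constructed-session-key"  # constructed sample value
    s = Supplicant(patched)
    s.on_message3(key)                # initial key install
    n1, c1, _ = s.send(P1)
    s.on_message3(key)                # retransmitted message 3
    n2, c2, reused = s.send(P2)
    # With a reused nonce the keystream cancels: c1 XOR c2 == P1 XOR P2.
    return n1, n2, reused, xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print("unpatched:", run(False))
    print("patched:  ", run(True))
```

In the unpatched run both frames go out under packet number 1, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; in the patched run the counter keeps advancing and that relation no longer holds.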
